An Arch Linux install script with LVM2 on LUKS under UEFI, with a btrfs root, the hardened kernel and NetworkManager
#!/usr/bin/env bash
# Max R. P. Grossmann's Arch Linux install script with LVM2 on LUKS
# under (U)EFI, with a btrfs root, the hardened kernel and NetworkManager
# Licensed under CC0: https://creativecommons.org/publicdomain/zero/1.0/
# To run, simply boot the live disk and put this script into install.sh.
# Run `chmod +x install.sh` and `./install.sh` to run.
# THERE IS NO WARRANTY, AND RUNNING THIS SCRIPT INCORRECTLY WILL UTTERLY
# DESTROY YOUR DATA. THERE IS NO WARRANTY. RUN AT YOUR OWN RISK.
# Strict mode: abort on the first failing command, on any unset variable,
# and on a failure anywhere in a pipeline (long-option spelling of -euo).
set -o errexit -o nounset -o pipefail
# prompt MESSAGE
# Prints MESSAGE on its own line in red (terminal colour 1 via tput) and
# then emits the attribute reset without a trailing newline. tput is called
# inside the argument list on purpose: if it fails (no TERM, no tput) the
# message is still printed and the failure does not trip set -e.
prompt () {
  printf '%s%s\n%s' "$(tput setaf 1)" "$1" "$(tput sgr0)"
}
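if [ "$0" != "/install-chroot.sh" ]
then
  ###########################################################################
  # Stage 1 - runs on the live ISO.
  # Partitions the chosen disk (ESP + one LUKS partition), puts LVM with a
  # swap LV and a btrfs root LV inside the LUKS container, bootstraps the
  # system into /mnt and then re-runs this very file inside the chroot as
  # /install-chroot.sh, which selects the else branch below.
  #
  # Security notes for the resulting system:
  #   * /boot (the ESP) is NOT encrypted and the kernel/initramfs are not
  #     signed: anyone with physical access can swap them out (evil maid).
  #     Add Secure Boot with your own keys if that is in your threat model.
  #   * The LUKS passphrase is the only thing protecting the data at rest.
  ###########################################################################

  # The original used `|| ( ...; exit 1 )`: `exit` inside a subshell only
  # ends the subshell, so the check worked purely by virtue of set -e.
  if [ ! -d /sys/firmware/efi ]
  then
    prompt "You need to enable EFI in order to run this install script."
    prompt "Please reboot into an EFI-enabled system and re-run this script."
    exit 1
  fi

  while :
  do
    prompt "The following disks are available. To which do you want to install Arch Linux?"
    fdisk -l | grep "Disk /"
    prompt "To select a disk, enter something like ´/dev/sdz´ or ´/dev/nvme0n1´."
    prompt "SELECT WISELY, THERE IS NO WARRANTY. CONTINUE AT YOUR OWN RISK."
    prompt "If you specify the wrong disk, the data on it will be irrecoverably destroyed."
    prompt "Press Ctrl+C now to abort without making any changes."
    # EOF on stdin (Ctrl+D) aborts instead of looping forever on empty input.
    read -r device || exit 1
    # Accept whole disks only: running sgdisk on a partition or a dm device
    # would write a GPT inside it rather than on the drive.
    if [ -b "$device" ] && [ "$(lsblk -dno TYPE "$device" 2>/dev/null)" = "disk" ]
    then
      DESTDEVICE="$device"
      break
    fi
    prompt "´$device´ is not a whole disk. Please try again."
  done

  # Last chance - everything after this point is destructive.
  prompt "ALL DATA ON $DESTDEVICE WILL BE DESTROYED. Type ´yes´ (in full) to continue."
  read -r confirm || exit 1
  if [ "$confirm" != "yes" ]
  then
    prompt "Aborted. No changes were made."
    exit 1
  fi

  # Fresh GPT: partition 1 = 512M EFI system partition (ef00, legacy BIOS
  # bootable attribute set), partition 2 = rest of the disk for LUKS.
  sgdisk -og "$DESTDEVICE"
  sgdisk -n 1:2048:+512M -t 1:ef00 "$DESTDEVICE"
  sgdisk --attributes=1:set:2 "$DESTDEVICE"
  sgdisk -n 2:0:0 -t 2:8300 "$DESTDEVICE"
  partprobe "$DESTDEVICE"
  # Give udev time to create the partition nodes before probing for them.
  udevadm settle

  # /dev/sdX -> /dev/sdX1; /dev/nvme0n1 (and mmcblk) -> /dev/nvme0n1p1.
  if [ -b "${DESTDEVICE}1" ]
  then
    PART1="${DESTDEVICE}1"
    PART2="${DESTDEVICE}2"
  elif [ -b "${DESTDEVICE}p1" ]
  then
    PART1="${DESTDEVICE}p1"
    PART2="${DESTDEVICE}p2"
  else
    prompt "Could not find partitions. Stopping."
    exit 1
  fi

  mkfs.vfat -F32 "$PART1"
  # AES-XTS with a 512-bit key (XTS uses it as two 256-bit halves); -y asks
  # for the passphrase twice. --hash/--iter-time/--use-random are LUKS1-era
  # knobs that newer cryptsetup (LUKS2/argon2id default) may partly ignore;
  # they are kept so the script still behaves on older live ISOs.
  cryptsetup -c aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 10000 -y --use-random luksFormat "$PART2"
  cryptsetup luksOpen "$PART2" crypt

  # MemTotal is in kB; shown as whole megabytes, purely informational.
  TOTALMEM="$(awk '/^MemTotal:/ { printf "%dM", $2 / 1024 }' /proc/meminfo)"
  while :
  do
    prompt "Please enter the size of the swap partition. This must"
    prompt "be something like ´512M´ or ´4G´. Even if you don't want"
    prompt "swap, please still specify a small amount, like 64M."
    prompt "You can always later remove swap using LVM."
    prompt "(You currently have $TOTALMEM of RAM.)"
    read -r swap || exit 1
    # A whole number followed by M or G, nothing else: this string is passed
    # verbatim to lvcreate --size.
    if [[ $swap =~ ^[0-9]+[MG]$ ]]
    then
      SWAPSIZE="$swap"
      break
    fi
  done

  pvcreate /dev/mapper/crypt
  vgcreate vg0 /dev/mapper/crypt
  lvcreate --size "$SWAPSIZE" vg0 --name swap
  lvcreate -l +100%FREE vg0 --name root
  mkswap /dev/mapper/vg0-swap
  mkfs.btrfs /dev/mapper/vg0-root
  swapon /dev/mapper/vg0-swap
  mount /dev/mapper/vg0-root /mnt
  mkdir /mnt/boot
  mount "$PART1" /mnt/boot

  pacstrap /mnt linux-hardened linux-firmware lvm2 btrfs-progs base base-devel efibootmgr nano vim networkmanager
  genfstab -pU /mnt >> /mnt/etc/fstab
  # nosuid,nodev (as in systemd's own tmp.mount) keep a world-writable /tmp
  # from being used to stage setuid binaries or device nodes.
  echo "tmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,mode=1777 0 0" >> /mnt/etc/fstab
  sed -i "s/relatime/noatime/g" /mnt/etc/fstab

  # Hand this script over to the chroot. Copy $0 itself, not its basename,
  # so this works from any working directory; chmod so arch-chroot can run
  # the copy even if the user started the script with `bash install.sh`.
  cp -- "$0" /mnt/install-chroot.sh
  chmod 755 /mnt/install-chroot.sh
  # Stage 2 needs the LUKS partition path again for the boot entry.
  echo "$PART2" > /mnt/part2
  arch-chroot /mnt /install-chroot.sh
  exit 0
else
  ###########################################################################
  # Stage 2 - runs inside the chroot (arch-chroot /mnt /install-chroot.sh).
  ###########################################################################
  PART2=$(cat /part2)

  while :
  do
    prompt "Please enter your timezone, something like ´Europe/Zurich´ or ´America/Shiprock´."
    read -r tz || exit 1
    if [ -f "/usr/share/zoneinfo/$tz" ]
    then
      # -f: do not fail if /etc/localtime already exists in the new root.
      ln -sf "/usr/share/zoneinfo/$tz" /etc/localtime
      break
    fi
  done
  hwclock --systohc --utc
  # `timedatectl set-ntp true` talks to timedated over D-Bus, which is not
  # running inside a chroot, so it would abort the install here under set -e.
  # Enabling the unit has the same effect on first boot.
  systemctl enable systemd-timesyncd.service

  while :
  do
    prompt "Please enter the hostname of your new system."
    read -r hostname || exit 1
    # Letters, digits, '-' and '.', starting with a letter or digit; rejects
    # empty input and whitespace.
    if [[ $hostname =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]
    then
      echo "$hostname" > /etc/hostname
      break
    fi
    prompt "Invalid hostname, please try again."
  done
  systemctl enable NetworkManager

  echo "en_GB.UTF-8 UTF-8" >> /etc/locale.gen
  echo LANG=en_GB.UTF-8 >> /etc/locale.conf
  echo LC_ALL= >> /etc/locale.conf
  locale-gen

  # passwd exits non-zero when the two entries do not match; without a retry
  # loop set -e would end the install with root left password-less.
  prompt "Please set a password for root."
  attempts=0
  until passwd
  do
    attempts=$((attempts + 1))
    if [ "$attempts" -ge 3 ]
    then
      prompt "Could not set the root password. Run ´passwd´ in arch-chroot before rebooting. Stopping."
      exit 1
    fi
    prompt "Setting the root password failed, please try again."
  done

  # Initramfs: load btrfs, and use the hook order the Arch wiki gives for
  # LVM on LUKS. keyboard must come before encrypt so a USB keyboard works
  # at the passphrase prompt (the stock file lists it after filesystems).
  sed -i "s/^MODULES=()/MODULES=(btrfs)/" /etc/mkinitcpio.conf
  sed -i "s/^HOOKS=.*/HOOKS=(base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck)/" /etc/mkinitcpio.conf
  # A sed that matched nothing would build an initramfs that cannot unlock
  # the root device; fail loudly instead of producing an unbootable system.
  if ! grep -q "^HOOKS=.* encrypt lvm2 filesystems" /etc/mkinitcpio.conf
  then
    prompt "Failed to set HOOKS in /etc/mkinitcpio.conf. Stopping."
    exit 1
  fi
  mkinitcpio -P

  bootctl --path=/boot install
  # editor no: otherwise anyone at the console can edit the kernel command
  # line from the boot menu (e.g. add init=/bin/sh) before any passphrase.
  {
    echo "default arch"
    echo "timeout 2"
    echo "editor no"
  } >> /boot/loader/loader.conf

  # Ask blkid for this device's UUID directly instead of grepping its whole
  # output, where "$PART2" could also match a longer name or a dm line.
  UUID=$(blkid -s UUID -o value "$PART2")
  if [ -z "$UUID" ]
  then
    prompt "Could not determine the UUID of $PART2. Stopping."
    exit 1
  fi
  # audit=0 disables the kernel audit subsystem at boot; remove it if you
  # intend to run auditd on this system.
  cat > /boot/loader/entries/arch.conf <<EOF
title Arch Linux (hardened)
linux /vmlinuz-linux-hardened
initrd /initramfs-linux-hardened.img
options cryptdevice=UUID=$UUID:vg0 root=/dev/mapper/vg0-root rw audit=0
EOF

  rm -f /install-chroot.sh /part2
  prompt "Done! You may now reboot."
fi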